WalletPilot

Security checks across malware telemetry and agentic risk

Overview

WalletPilot is a high-impact crypto wallet automation skill, but the reviewed artifact does not include the code or enforceable guardrails it claims would protect funds.

Do not install or fund this skill unless you can inspect the complete implementation and verify the guardrails. If testing, use a brand-new wallet with very small funds, never your main wallet, and require manual confirmation for every transaction and signature.

VirusTotal

64/64 vendors reported this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

A mistaken or manipulated agent action could move funds, execute a bad swap, or sign a dangerous wallet message.

Why it was flagged

These documented actions let an agent connect to dapps, move crypto assets, and sign arbitrary messages. The artifacts do not require explicit user approval for every transaction or signature.

Skill content

connect <dapp-url> ... swap <amount> <token-in> for <token-out> ... send <amount> <token> to <address> ... sign <message>

Recommendation

Require explicit human approval for every transaction and signature, restrict dapp URLs and contract targets, and use only a new low-balance wallet.

ASI03: Identity and Privilege Abuse
High
What this means

Anyone or anything that can access the saved wallet profile may be able to control the funded agent wallet.

Why it was flagged

A wallet seed and browser profile are credential/session material that grant spending authority. The artifact does not specify where this profile is stored, how it is protected, or how agent access is bounded.

Skill content

Create a NEW wallet (fresh seed phrase) ... The profile is saved for future automation

Recommendation

Do not reuse an existing wallet or seed phrase; use a fresh wallet with minimal funds and require clear documentation of credential storage, encryption, and revocation before relying on it.

ASI04: Agentic Supply Chain Vulnerabilities
High
What this means

Users would have to rely on unreviewed or missing code to automate a crypto wallet, creating a serious provenance gap.

Why it was flagged

The package contains only SKILL.md, but the instructions describe npm setup, Playwright installation, config files, and source files such as guard.ts and wallet adapters that are not included for review.

Skill content

1 file(s): SKILL.md (5569 bytes)

Recommendation

Publish the complete reviewed implementation, package manifest, lockfile, install spec, and guardrail code before users run setup or fund any wallet.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

A user may overtrust the stated guardrails and fund a wallet even though the reviewed artifact cannot demonstrate those protections.

Why it was flagged

The skill makes strong safety claims, but no implementation or configuration files are present to verify that these controls exist or are enforced.

Skill content

Spend Caps: Hard limits prevent runaway spending ... Protocol Allowlist ... Full Logging ... Revocation: Set `"revoked": true` to disable all actions

Recommendation

Treat the safety features as unverified until the enforcement code is available and independently reviewed.